477b0286ea489f872a3f3f3b01cef1829098da69e7e386d4a41ecbe51542db32

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ffdec.exe
Size

394KB
MD5

c1c196b87e88e0ee86295f0ab6a7c17f
SHA1

101a02625c0f80caeb412298c020cee417c47d93
SHA256

b66b0182373a4992244284fb2aa6bdb1a72a3bfa442b6a34421d6e51915681c3
SHA512

305a1db83a69ac713cc6b05707e38675221db2159f64789175098c72d571b34b7c4453c0f9b9e851c44d63e17e555a273f0c9e7e42977bcb5740e29138c8c4c9
SSDEEP

12288:iCUf7M6OfVLh4vzzzIuYzzzczzzzuREe/tzzzzzztLWz1j1Eqp:idf7rOfVLh4vzzzIuYzzzczzzzuREe/I

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2212	javaw.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ffdec.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2212	javaw.exe
2212	javaw.exe
2212	javaw.exe
2212	javaw.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 2212	4964	ffdec.exe	86
PID 4964 wrote to memory of 2212	4964	ffdec.exe	86

C:\Users\Admin\AppData\Local\Temp\ffdec.exe
"C:\Users\Admin\AppData\Local\Temp\ffdec.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xmx8192m -Djava.net.preferIPv4Stack=true -Djna.nosys=true -Dl5j.pid=4964 -Dl5j.encargs=1 -jar "C:\Users\Admin\AppData\Local\Temp\ffdec.jar"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jna-Admin\jna7282035755327569736.dll

Filesize
190KB

MD5
3cfe09aa1c4e999fedb2a995428e4de3

SHA1
e501129a110431c3a7bc60576a19eef2ba984356

SHA256
3f7553803b33b999e313ed4a069ae9872c595038fe35a54c053a1b19d89dcfad

SHA512
320f4497197b1b7b752471f16d2fad0eacc45160219ce774ff0bb534f504fedb73e991af0c7268e8f1195ce75cbbfedc8b9c19ec31afb4b14e9673ac9c40b1db

Download Submit
memory/2212-3-0x000002398C960000-0x000002398CBD0000-memory.dmp

Filesize
2.4MB

Download
memory/2212-13-0x000002398B190000-0x000002398B191000-memory.dmp

Filesize
4KB

Download
memory/2212-16-0x000002398CBD0000-0x000002398CBE0000-memory.dmp

Filesize
64KB

Download
memory/2212-20-0x000002398CBE0000-0x000002398CBF0000-memory.dmp

Filesize
64KB

Download
memory/2212-28-0x000002398CBF0000-0x000002398CC00000-memory.dmp

Filesize
64KB

Download
memory/2212-31-0x000002398CC00000-0x000002398CC10000-memory.dmp

Filesize
64KB

Download
memory/2212-33-0x000002398CC10000-0x000002398CC20000-memory.dmp

Filesize
64KB

Download
memory/2212-35-0x000002398CC20000-0x000002398CC30000-memory.dmp

Filesize
64KB

Download
memory/2212-40-0x000002398CC30000-0x000002398CC40000-memory.dmp

Filesize
64KB

Download
memory/2212-42-0x000002398CC40000-0x000002398CC50000-memory.dmp

Filesize
64KB

Download
memory/2212-44-0x000002398CC50000-0x000002398CC60000-memory.dmp

Filesize
64KB

Download
memory/2212-46-0x000002398C960000-0x000002398CBD0000-memory.dmp

Filesize
2.4MB

Download
memory/2212-47-0x000002398CC60000-0x000002398CC70000-memory.dmp

Filesize
64KB

Download
memory/2212-50-0x000002398CBD0000-0x000002398CBE0000-memory.dmp

Filesize
64KB

Download
memory/2212-53-0x000002398CBE0000-0x000002398CBF0000-memory.dmp

Filesize
64KB

Download
memory/2212-52-0x000002398CC80000-0x000002398CC90000-memory.dmp

Filesize
64KB

Download
memory/2212-56-0x000002398CC90000-0x000002398CCA0000-memory.dmp

Filesize
64KB

Download
memory/2212-55-0x000002398CBF0000-0x000002398CC00000-memory.dmp

Filesize
64KB

Download
memory/2212-51-0x000002398CC70000-0x000002398CC80000-memory.dmp

Filesize
64KB

Download
memory/2212-60-0x000002398CCA0000-0x000002398CCB0000-memory.dmp

Filesize
64KB

Download
memory/2212-59-0x000002398CC00000-0x000002398CC10000-memory.dmp

Filesize
64KB

Download
memory/2212-61-0x000002398B190000-0x000002398B191000-memory.dmp

Filesize
4KB

Download
memory/2212-64-0x000002398CC10000-0x000002398CC20000-memory.dmp

Filesize
64KB

Download
memory/2212-65-0x000002398CCB0000-0x000002398CCC0000-memory.dmp

Filesize
64KB

Download
memory/2212-67-0x000002398CC20000-0x000002398CC30000-memory.dmp

Filesize
64KB

Download
memory/2212-68-0x000002398CCC0000-0x000002398CCD0000-memory.dmp

Filesize
64KB

Download
memory/2212-71-0x000002398CC30000-0x000002398CC40000-memory.dmp

Filesize
64KB

Download
memory/2212-72-0x000002398CCD0000-0x000002398CCE0000-memory.dmp

Filesize
64KB

Download
memory/2212-74-0x000002398CC40000-0x000002398CC50000-memory.dmp

Filesize
64KB

Download
memory/2212-75-0x000002398CCE0000-0x000002398CCF0000-memory.dmp

Filesize
64KB

Download
memory/2212-79-0x000002398CC50000-0x000002398CC60000-memory.dmp

Filesize
64KB

Download
memory/2212-80-0x000002398CCF0000-0x000002398CD00000-memory.dmp

Filesize
64KB

Download
memory/2212-83-0x000002398CD00000-0x000002398CD10000-memory.dmp

Filesize
64KB

Download
memory/2212-82-0x000002398CC60000-0x000002398CC70000-memory.dmp

Filesize
64KB

Download
memory/2212-87-0x000002398CD10000-0x000002398CD20000-memory.dmp

Filesize
64KB

Download
memory/2212-86-0x000002398CC80000-0x000002398CC90000-memory.dmp

Filesize
64KB

Download
memory/2212-85-0x000002398CC70000-0x000002398CC80000-memory.dmp

Filesize
64KB

Download
memory/2212-89-0x000002398CD20000-0x000002398CD30000-memory.dmp

Filesize
64KB

Download
memory/2212-96-0x000002398CD30000-0x000002398CD40000-memory.dmp

Filesize
64KB

Download
memory/2212-95-0x000002398CC90000-0x000002398CCA0000-memory.dmp

Filesize
64KB

Download
memory/2212-99-0x000002398CD40000-0x000002398CD50000-memory.dmp

Filesize
64KB

Download
memory/2212-98-0x000002398CCA0000-0x000002398CCB0000-memory.dmp

Filesize
64KB

Download
memory/2212-102-0x000002398CD50000-0x000002398CD60000-memory.dmp

Filesize
64KB

Download
memory/2212-101-0x000002398CCB0000-0x000002398CCC0000-memory.dmp

Filesize
64KB

Download
memory/2212-105-0x000002398B190000-0x000002398B191000-memory.dmp

Filesize
4KB

Download
memory/2212-107-0x000002398CCC0000-0x000002398CCD0000-memory.dmp

Filesize
64KB

Download
memory/2212-108-0x000002398CD60000-0x000002398CD70000-memory.dmp

Filesize
64KB

Download
memory/2212-112-0x000002398B190000-0x000002398B191000-memory.dmp

Filesize
4KB

Download
memory/2212-116-0x000002398CCD0000-0x000002398CCE0000-memory.dmp

Filesize
64KB

Download
memory/2212-119-0x000002398CD70000-0x000002398CD80000-memory.dmp

Filesize
64KB

Download
memory/2212-121-0x000002398CD80000-0x000002398CD90000-memory.dmp

Filesize
64KB

Download
memory/2212-120-0x000002398CCE0000-0x000002398CCF0000-memory.dmp

Filesize
64KB

Download
memory/2212-125-0x000002398CCF0000-0x000002398CD00000-memory.dmp

Filesize
64KB

Download
memory/2212-129-0x000002398CD00000-0x000002398CD10000-memory.dmp

Filesize
64KB

Download
memory/2212-135-0x000002398CD20000-0x000002398CD30000-memory.dmp

Filesize
64KB

Download
memory/2212-136-0x000002398CDD0000-0x000002398CDE0000-memory.dmp

Filesize
64KB

Download
memory/2212-134-0x000002398CDC0000-0x000002398CDD0000-memory.dmp

Filesize
64KB

Download
memory/2212-133-0x000002398CD10000-0x000002398CD20000-memory.dmp

Filesize
64KB

Download
memory/2212-128-0x000002398CDB0000-0x000002398CDC0000-memory.dmp

Filesize
64KB

Download
memory/2212-127-0x000002398CDA0000-0x000002398CDB0000-memory.dmp

Filesize
64KB

Download
memory/2212-126-0x000002398CD90000-0x000002398CDA0000-memory.dmp

Filesize
64KB

Download
memory/2212-139-0x000002398CDE0000-0x000002398CDF0000-memory.dmp

Filesize
64KB

Download
memory/2212-143-0x000002398CD40000-0x000002398CD50000-memory.dmp

Filesize
64KB

Download
memory/2212-147-0x000002398CD50000-0x000002398CD60000-memory.dmp

Filesize
64KB

Download
memory/2212-153-0x000002398CD70000-0x000002398CD80000-memory.dmp

Filesize
64KB

Download
memory/2212-152-0x000002398CE30000-0x000002398CE40000-memory.dmp

Filesize
64KB

Download
memory/2212-151-0x000002398CE20000-0x000002398CE30000-memory.dmp

Filesize
64KB

Download
memory/2212-159-0x000002398CD90000-0x000002398CDA0000-memory.dmp

Filesize
64KB

Download
memory/2212-161-0x000002398CDB0000-0x000002398CDC0000-memory.dmp

Filesize
64KB

Download
memory/2212-164-0x000002398CE60000-0x000002398CE70000-memory.dmp

Filesize
64KB

Download
memory/2212-160-0x000002398CDA0000-0x000002398CDB0000-memory.dmp

Filesize
64KB

Download
memory/2212-166-0x000002398CE70000-0x000002398CE80000-memory.dmp

Filesize
64KB

Download
memory/2212-165-0x000002398CDC0000-0x000002398CDD0000-memory.dmp

Filesize
64KB

Download
memory/2212-157-0x000002398CE40000-0x000002398CE50000-memory.dmp

Filesize
64KB

Download
memory/2212-158-0x000002398CE50000-0x000002398CE60000-memory.dmp

Filesize
64KB

Download
memory/2212-156-0x000002398CD80000-0x000002398CD90000-memory.dmp

Filesize
64KB

Download
memory/2212-150-0x000002398CD60000-0x000002398CD70000-memory.dmp

Filesize
64KB

Download
memory/2212-146-0x000002398CE10000-0x000002398CE20000-memory.dmp

Filesize
64KB

Download
memory/2212-171-0x000002398CDE0000-0x000002398CDF0000-memory.dmp

Filesize
64KB

Download
memory/2212-172-0x000002398CE90000-0x000002398CEA0000-memory.dmp

Filesize
64KB

Download
memory/2212-170-0x000002398CE80000-0x000002398CE90000-memory.dmp

Filesize
64KB

Download
memory/2212-169-0x000002398CDD0000-0x000002398CDE0000-memory.dmp

Filesize
64KB

Download
memory/2212-145-0x000002398CE00000-0x000002398CE10000-memory.dmp

Filesize
64KB

Download
memory/2212-144-0x000002398CDF0000-0x000002398CE00000-memory.dmp

Filesize
64KB

Download
memory/2212-138-0x000002398CD30000-0x000002398CD40000-memory.dmp

Filesize
64KB

Download
memory/2212-176-0x000002398CE10000-0x000002398CE20000-memory.dmp

Filesize
64KB

Download
memory/2212-177-0x000002398CEA0000-0x000002398CEB0000-memory.dmp

Filesize
64KB

Download
memory/2212-175-0x000002398CE00000-0x000002398CE10000-memory.dmp

Filesize
64KB

Download
memory/2212-174-0x000002398CDF0000-0x000002398CE00000-memory.dmp

Filesize
64KB

Download
memory/2212-181-0x000002398CEC0000-0x000002398CED0000-memory.dmp

Filesize
64KB

Download
memory/2212-183-0x000002398CE30000-0x000002398CE40000-memory.dmp

Filesize
64KB

Download
memory/2212-182-0x000002398CE20000-0x000002398CE30000-memory.dmp

Filesize
64KB

Download
memory/2212-192-0x000002398CE50000-0x000002398CE60000-memory.dmp

Filesize
64KB

Download
memory/2212-191-0x000002398CE40000-0x000002398CE50000-memory.dmp

Filesize
64KB

Download
memory/2212-190-0x000002398CEF0000-0x000002398CF00000-memory.dmp

Filesize
64KB

Download
memory/2212-189-0x000002398CEE0000-0x000002398CEF0000-memory.dmp

Filesize
64KB

Download
memory/2212-188-0x000002398CED0000-0x000002398CEE0000-memory.dmp

Filesize
64KB

Download
memory/2212-180-0x000002398CEB0000-0x000002398CEC0000-memory.dmp

Filesize
64KB

Download
memory/2212-196-0x000002398CF00000-0x000002398CF10000-memory.dmp

Filesize
64KB

Download
memory/2212-279-0x000002398B190000-0x000002398B191000-memory.dmp

Filesize
4KB

Download
memory/2212-317-0x000002398B190000-0x000002398B191000-memory.dmp

Filesize
4KB

Download
memory/4964-0-0x0000000000461000-0x0000000000466000-memory.dmp

Filesize
20KB

Download
memory/4964-307-0x0000000000460000-0x00000000004C9000-memory.dmp

Filesize
420KB

Download